Game over: Cyber-breaches aren’t matter of if, but when, experts say — so companies need to prepare for worst case

As security breach events clog news cycles, businesses can only hope to find silver bullets in protective cybersecurity services.

Rob Kleeger hates to break the news to them: They will fail, he says.

And, without a hint of optimism, he adds, “And there’s nothing you can do to avoid that.”

Kleeger is the founder and managing director of Digital4nx Group Ltd., a Sherlock Holmes of the cybersecurity world. His firm does digital forensics work to investigate what data was compromised and how it can be recovered after a security breach.

In his view, preparing for hacker assaults doesn’t involve just going out to purchase the most advanced suite of cybersecurity products on the market. The biggest companies have tried that, he said.

“And, yet, those companies, with all their resources, are still getting breached and are in the front-page headlines all the time,” he said. “All the money in the world doesn’t solve the problem.”

Kleeger was a first responder during the 2011 Sony breach, during which the “hacktivist” group Anonymous announced its intent to go after the business in response to a lawsuit against George Hotz, a New Jersey native who gained notoriety for reverse-engineering the PlayStation 3 gaming system.

“That’s a perfect example, Sony banged their chest and said, ‘Hey, we’ve got 600 security engineers,’” he said. “When they got a letter from the Anonymous organization standing behind this person’s cause and threatening to bring Sony’s websites down. … Sony gave them the bird, and (Sony was) shut down two days later.”

The bottom line is this: Those that deal with these threats on a daily basis want business leaders to think about what to do when — not if — they’re the next victims on the hacker hit list.

“Most business leaders are thinking about this as a technical issue,” he said. “It’s not simply technical. At the end of the day, you have to understand what it is you want to protect and legal obligations you’ll have when you’re breached.”

No doubt influenced by his detective-like business approach, Kleeger is a fan of companies doing an investigation of their own systems and the kind of data they have before attacks happen.

And, even if hackers are hard to stop, having some level of cybersecurity protection is better than the alternative. But these are most effective when you know what specifically needs protecting, Kleeger said.

“Because, if an attacker finds themselves on your network but can’t get to the crown jewels, they’re going to leave empty-handed or just go after a lesser target,” he said.

Experts say part of why there’s no perfect failsafe to be found is the amount of security breaches caused by exploiting human behavior, not secured computer systems.

Mike Mullin, president of Integrated Business Systems, said it often comes down to what people choose as a password.

Integrated Business Systems
Mike Mullin, president of Integrated Business Systems.

Turns out the name of your favorite sports team doesn’t cut it anymore.

“If you’re trying to protect yourself from evils of the cyberworld, people need to understand that passwords need to be more than a name and a birthday or anniversary,” he said. “That’s all too easy to figure out. It has to be something truly random and only they know.”

Passwords in peoples’ personal lives and business lives tend to cross wires. That isn’t safe, Mullin said.

Mullin, who runs a Totowa company that offers a number of information technology services, described a recent situation in which a client suffered devastating downtime from a virus that spread just by someone clicking on an email attachment.

“Once it was on a computer in the organization, it only took minutes before each computer was affected, and the only way to get rid of it was reformatting all the hard drives,” Mullin said. “And it’s tough, because many businesses cannot survive being down five days without revenue.”

Mullin added that the unfortunate fact is, about half of businesses targeted by cybercriminals aren’t still in business six months later.

It might sound like cybersecurity experts are all doom and gloom, but in a hack-happy digital age, it’s hard for them not to be.

“The truth is, someone is waking up tomorrow morning wanting to steal what you’ve got,” Mullin said. 

Conversation Starters

Reach Digital4nx Group at: digital4nxgroup.com or 732-786-4062.

Reach Integrated Business Systems at: ibsre.com or 973-575-4950.